hashicorp / terraform-provider-google

Terraform Provider for Google Cloud Platform
https://registry.terraform.io/providers/hashicorp/google/latest/docs
Mozilla Public License 2.0

data.google_secret_manager_secret_version long timeout for secrets without versions #19430

Open alanxoc3 opened 2 months ago

alanxoc3 commented 2 months ago

Community Note

Terraform Version & Provider Version(s)

Terraform v1.9.0 on linux_amd64

Affected Resource(s)

data.google_secret_manager_secret_version

Terraform Configuration

resource "google_secret_manager_secret" "token" {
  secret_id = "token"
  replication {
    auto {}
  }
}

data "google_secret_manager_secret_version" "token" {
  depends_on = [google_secret_manager_secret.token]
  secret     = "token"
  version    = "latest"
}

# This can be any resource that depends on the token, because it never gets triggered.
resource "some_resource" "token" {
  sensitive_labels {
    token = data.google_secret_manager_secret_version.token.secret_data
  }
}

Debug Output

see "expected behavior"

Expected Behavior

I create a secret without a version, and depend on a version for that secret after the secret is created. Since no version was created, I expect it to just fail, but instead it takes 8 minutes to time out. Since the timeout is so long, I created a version for the secret while it was reading and expected it to be retrying and grab the latest version. But it also doesn't recognize that I created a version.

Here is the message it displays:

data.google_secret_manager_secret_version.token: Still reading... [7m40s elapsed]

While it is reading, I added a version to that secret, but it never recognized a new version.

Actual Behavior

see expected

Steps to reproduce

  1. terraform apply

Important Factoids

n/a

References

n/a

ggtisc commented 2 months ago

Hi @alanxoc3!

I tried to replicate this issue, but the result was successful, without errors, following these steps:

  1. Resource creation with terraform apply:

resource "google_secret_manager_secret" "sm_secret_19430" {
  secret_id = "sm-secret-19430"
  replication {
    auto {}
  }
}

resource "google_secret_manager_secret_version" "sm_sv_19430" {
  secret      = google_secret_manager_secret.sm_secret_19430.id
  secret_data = "something"
}

  2. The resource "google_secret_manager_secret_version" "sm_sv_19430" was removed from the tfstate file

  3. The next code was implemented with a 2nd terraform apply:

resource "google_secret_manager_secret" "sm_secret_19430" {
  secret_id = "sm-secret-19430"
  replication {
    auto {}
  }
}

# resource "google_secret_manager_secret_version" "sm_sv_19430" {
#   secret = google_secret_manager_secret.sm_secret_19430.id
#   secret_data = "something"
# }

data "google_secret_manager_secret_version" "sm_sv_19430" {
  secret      = google_secret_manager_secret.sm_secret_19430.secret_id
  version     = "latest"
  depends_on  = [ google_secret_manager_secret.sm_secret_19430 ]
}

resource "google_service_account" "sa_19430" {
  account_id = "sa-19430"
}

resource "google_secret_manager_secret_iam_member" "sm_secret_iam_member_19430" {
  secret_id   = google_secret_manager_secret.sm_secret_19430.id
  role        = "roles/secretmanager.secretAccessor"
  member      = "serviceAccount:${google_service_account.sa_19430.email}"
  depends_on  = [data.google_secret_manager_secret_version.sm_sv_19430]
}

I suggest you follow these steps and try again. If you still continue with issues after this, you need to provide us with more information about the resource you are using that depends on your data.google_secret_manager_secret_version.token.secret_data, with the complete configuration.